From:	CRDGW2::CRDGW2::MRGATE::"SMTP::CRVAX.SRI.COM::RELAY-INFO-VAX" 28-SEP-1990 00:11:17.03
To:	MRGATE::"ARISIA::EVERHART"
CC:	
Subj:	Creating directories ... - once more into the breach

Received:  by crdgw1.ge.com (5.57/GE 1.73)
	 id AA10646; Thu, 27 Sep 90 23:51:34 EDT
Received: From VENUS.YCC.YALE.EDU by CRVAX.SRI.COM with TCP; Thu, 27 SEP 90 19:16:57 PDT
Received: from BULLDOG.CS.YALE.EDU by Venus.YCC.Yale.Edu; Thu, 27 Sep 90 22:11
 EDT
Received: from lrw.UUCP by BULLDOG.CS.YALE.EDU via UUCP; Thu, 27 Sep 90
 22:05:07 EDT
Received: by lrw.UUCP (DECUS UUCP w/Smail); Thu, 27 Sep 90 21:31:51 EDT
Date: Thu, 27 Sep 90 21:31:51 EDT
From: Jerry Leichter <leichter@LRW.COM>
Subject: Creating directories ... - once more into the breach
To: INFO-VAX@KL.SRI.COM
Message-Id: <9009280205.AA23014@BULLDOG.CS.YALE.EDU>
X-Vms-Mail-To: INFOVAX
X-Envelope-To: info-vax@kl.sri.COM

[Once again, the original question was how to create a directory using a
logical name while ensuring that a malicious user did not change the logical
to cause the directory to end up in the same place.  We're assuming that the
CORRECT definition of the logical was made in exec mode.]

Earlier today, I proposed the algorithm:  Call $PARSE yourself twice, once
requesting only inner-mode translations, then again allowing any translations.
If the two resulting files specs are different, refuse to continue.

This is ALMOST right.  When you make the $PARSE calls, you must specify the
NO_CONCEAL option.  (The threat is obvious if you just think nasty a bit.)

							-- Jerry